ISC S1 EXAM QUESTIONS AND ANSWERS
Which of the following framework functions in the Privacy Framework Core best
describes how the organization should drive dialogue around privacy risks related to
data processing activities? - ANSWER-Communicate
Which of the following framework functions in the Privacy Framework Core best
helps the organization determine what the company's privacy risks related to data
processing activities are? - ANSWER-Identify
Which of the following framework functions in the Privacy Framework Core best
helps the organization determine what the best management structure is for privacy
risks related to data processing activities? - ANSWER-Control
Which of the following framework functions in the Privacy Framework Core best
helps the organization determine what the best governance structure is for privacy
risks related to data processing activities? - ANSWER-Govern
According to NIST Security and Privacy Controls for Information Systems and
Organizations, an augmentation of a security or privacy control in order to build in
additional but related functionality to the control, to increase the strength of the
control, or to add assurance to the control is known as a control: - ANSWER-Enhancement
Which of the following organizations would most likely be considered a covered
entity under the Health Insurance Portability and Accountability Act (HIPAA)? - ANSWER-A
business that specializes in physical therapy for patients in coordination with a
primary physician, because it would most likely be handling protected health information.
Which CIS Control best describes using processes and tools to create, assign,
manage, and revoke access credentials and privileges for user, administrator, and
service accounts for enterprise assets and software? - ANSWER-Access Control
Management
Which CIS Control is best described as follows: Collect, alert, review, and retain
audit logs of events that could help detect, understand, or recover from an attack. -
ANSWER-Audit Log Management
Which CIS Control is best described as follows: Use processes and tools to assign
and manage authorization to credentials for user accounts, including administrator
accounts, as well as service accounts, to enterprise assets and software. -
ANSWER-Account Management
Which CIS Control actively manages (inventory, track, and correct) all software (such
as operating systems and applications) on the network so that only authorized
software is installed and can execute, and that unauthorized and unmanaged
software is found and prevented from installation or execution? - ANSWER-Inventory
and Control of Software Assets
Which CIS Control best describes the recommendation to actively manage all
enterprise assets connected to the infrastructure physically, virtually, remotely, and
those within cloud environments, to accurately know the totality of assets that need
to be monitored and protected within the enterprise? - ANSWER-Inventory and
Control of Enterprise Assets
Which CIS Control is best described as follows: Develop processes and technical
controls to identify, classify, securely handle, retain, and dispose of data. -
ANSWER-Data Protection
Which CIS Control is best described as follows: Establish and maintain the secure
configuration of enterprise assets (end-user devices, including portable and mobile;
network devices; non-computing/IoT devices; and servers) and software (such as
operating systems and applications). - ANSWER-Secure Configuration of Enterprise
Assets and Software
Which CIS Control is best described as follows: Improve protections and detections
of threats from email and web vectors, as these are opportunities for attackers to
manipulate human behavior through direct engagement. - ANSWER-Email and Web
Browser Protections
According to the Center for Internet Security (CIS), which of the following controls
underscores the criticality of regular review of the cyber environment to identify
weaknesses in order to help deter attackers? - ANSWER-Continuous Vulnerability
Management
Which CIS Control best describes the development of a plan to continuously assess and
track vulnerabilities on all enterprise assets within the enterprise's infrastructure,
in order to remediate them and minimize the window of opportunity for attackers, while
monitoring public and private industry sources for new threat and vulnerability
information? - ANSWER-Continuous Vulnerability Management
Which CIS Control collects, alerts, reviews, and retains audit logs of events that
could help detect, understand, or recover from an attack. - ANSWER-Audit Log
Management
Which of the following best describes the overview of CIS Control 03: Data
Protection? - ANSWER-Develop processes and technical controls to identify, classify,
securely handle, retain, and dispose of data.
Which CIS Control best describes use of processes and tools to assign and manage
authorization to credentials for user accounts, including administrator accounts, as
well as service accounts, to enterprise assets and software? - ANSWER-Account
Management